Magpie Tech Tips

The Bash Bug/Shellshock - Why It's Not "Bigger" Than Heartbleed

Have you seen the news about "Shellshock" yet? It's a bug in Linux and Mac OS X software which the media is calling "worse than Heartbleed." We think it's an issue, but not that bad. Here's why.

You may recall the Heartbleed bug from earlier this year. The vulnerability in OpenSSL technology put online transactions the world over at risk of data theft.

In late September, a vulnerability in the bash shell came to the media's attention. Bash is used in most Linux systems and some Mac OS X computers. The vulnerability, dubbed “Shellshock” or "The Bash Bug," could allow hackers to break into computers and access confidential information, like credit card details or your Social Security Number.

Exploiting Shellshock takes some coding skill. And even if you exploit it, there’s no guarantee of a big payoff.

Shellshock is not strictly a bug - it's a coding peculiarity within the bash shell itself. It's not new either; this has been known for 25 years. And in those 25 years, it hasn't caused any serious harm to servers (that we know of).

This doesn’t mean Shellshock is not a threat at all; FireEye reports that malware and DDoS attacks targeting Shellshock are already in the wild.

However, we do think the media is overstating the threat. The vulnerability is already being patched.

If you are not a PlanetMagpie customer yet, or you run Linux servers in your business, please talk to your IT administrators. Chances are they're aware of Shellshock. But just in case they're not, have them look into it. We're happy to assist if they'd like input.